
docrice
Premium
join:2008-03-31
Fremont, CA

How-to: Active Directory and PEAP / EAP-TLS / PEAP-TLS

As mentioned in another thread, I started writing a short step-by-step for a friend who wants to implement 802.11i for his company. What initially started out as a cheat sheet ended up being one of the longest articles I've ever written, so hopefully someone else out there can find this useful.

»wicked-styles.com/bitsandpieces/···ecurity/

It's a how-to guide on setting up 802.1X-based wireless security in an Active Directory-driven corporate network, so I tried to stay "native" within the Microsoft realm of things, although I do show how to configure an OS X client to connect to it. There are also sample packet traces for each EAP type implemented on both the client side as well as the server side (which I was planning to write step-by-step explanations for, but I've been writing this for days so I'll put it off until another week) for comparison purposes during testing.

If there are any obvious inaccuracies, grammar issues, etc., please let me know.


Its a Secret
Please speak into the microphone
Premium
join:2008-02-23
Da wet coast
kudos:3

Well done Doc, thanks for the post!


jbibe
Premium,MVM
join:2001-02-22

reply to docrice
Nice article.

What certificate formats are required for OS-X? Can OS-X produce the required certificates from a user.p12 certificate?


docrice
Premium
join:2008-03-31
Fremont, CA

I didn't try importing a .p12 cert, but based on what I've read elsewhere, OS X should be able to use .p12 just fine. I believe the other certificate from the root CA was a DER, although I'd assume Base64 encoded files would work also.


jbibe
Premium,MVM
join:2001-02-22

Thanks. I will have to do some experimenting with OS-X when I get a chance.



DarkLogix
Premium
join:2008-10-23
Baytown, TX
kudos:3

reply to docrice
Thanks, great work.

Could you put it into a PDF file?


docrice
Premium
join:2008-03-31
Fremont, CA

I wasn't planning on doing that, and I don't have a formal PDFing template for this article. And technically, the article isn't complete either since I skipped the section about explaining step-by-step what's happening in the packet traces. I spent a week writing this guide up and kind of got tired.

If it's for your own use, you could probably just copy / paste this into Word with all the screenshots and use a free PDF converter (CutePDF?).



DarkLogix
Premium
join:2008-10-23
Baytown, TX
kudos:3

Cool.

You might be able to make money on this.


docrice
Premium
join:2008-03-31
Fremont, CA

If I was doing this for businesses as a consultant, I'd definitely charge for my time. Writing a how-to article, on the other hand, I usually prefer to give away. After all, I learned an immensely great deal from other people's free information online and I wouldn't be where I am if it hadn't been for them.



Angelo
The Network Guy
Premium
join:2002-06-18

reply to docrice
If you would like, when I have a bit of free time I'll make it into a PDF for you guys =)


docrice
Premium
join:2008-03-31
Fremont, CA

Making a PDF is easy. However, for now I'd rather my content remain in its current form.



passingBy

@iam.net.ma

reply to docrice
Thanks for the time you spent on this, Man!


jlachowin

join:2008-05-29
Milwaukee, WI

reply to docrice
Now make documentation on setting up a supported network card of EAP-FAST to connect to an EAP-FAST Cisco network.


docrice
Premium
join:2008-03-31
Fremont, CA

You guys are killin' me. I'll have to narrow down some supplicants first and install ACS. Wouldn't be a bad idea though since there are plenty of "Microsoft + Cisco" shops out there.

